CVE-2021-29451: Improper Verification of Cryptographic Signature

April 19, 2021 (updated September 25, 2023)

Portofino is an open source web development framework. Portofino before version 5.2.1 does not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming 5.2.1 release.

References

github.com/ManyDesigns/Portofino/commit/8c754a0ad234555e813dcbf9e57d637f9f23d8fb
github.com/ManyDesigns/Portofino/security/advisories/GHSA-6g3c-2mh5-7q6x
github.com/advisories/GHSA-6g3c-2mh5-7q6x
mvnrepository.com/artifact/com.manydesigns/portofino
nvd.nist.gov/vuln/detail/CVE-2021-29451

Detect and mitigate CVE-2021-29451 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →